cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oliver Wulff (Updated) (JIRA)" <>
Subject [jira] [Updated] (CXF-3928) Add token validation for OnBehalfOf element in TokenIssueOperation
Date Mon, 28 Nov 2011 08:42:46 GMT


Oliver Wulff updated CXF-3928:

    Attachment: git.diff.patch

Implemented the changes and added a unit test where the on-behalf-of token has been issued
by SAML realm A and the issued token is a SAML token of realm B
> Add token validation for OnBehalfOf element in TokenIssueOperation
> ------------------------------------------------------------------
>                 Key: CXF-3928
>                 URL:
>             Project: CXF
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 2.5
>            Reporter: Oliver Wulff
>         Attachments: git.diff.patch, git.diff.patch
> Tokens passed in OnBehalfOf element are not validated. It's the responsibility of the
TokenProvider implementation to validate that.
> A proposal has been discussed here:
> OnBehalfOf token validation is moved to the TokenIssueOperation and the ReceivedToken
is enhanced with the following attributes:
> - was it a token of ws-security header (like ReceivedToken), onbehalfof, actas
> - successfully validated (it could be a token which depends on other constraints to be
fully accepted)
> - original DOM element
> - transformed DOM element (used if the token is passed by ref, also supported by SAML
> - principal (mostly, you only need the principal to issue a new token)

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message